Privacy Policy

Last updated: October 24, 2025

1. Introduction

Welcome to GPT Rewind ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our ChatGPT analytics service.

By using GPT Rewind, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 ChatGPT Conversation Data

When you upload your ChatGPT export file, we temporarily process:

  • Conversation messages and timestamps
  • Message metadata (date, time, length)
  • Conversation topics and themes
  • Usage patterns and statistics

Important: Your uploaded conversation file is stored for a maximum of 24 hours for processing purposes only, after which it is permanently deleted from our servers. We only retain the computed analytics, insights, and visualizations, never your original conversation content.

2.2 Account Information

When you create an account, we collect:

  • Email address
  • Username (if provided)
  • Authentication credentials (securely managed by Clerk)
  • Profile information (optional)

2.3 Payment Information

Payment processing is handled securely by Stripe. We do not store your complete credit card information. We only retain:

  • Transaction IDs
  • Purchase history
  • Last 4 digits of card (for your reference)

2.4 Analytics and Usage Data

We automatically collect:

  • Browser type and version
  • Device information
  • IP address (anonymized)
  • Pages visited and time spent
  • Referring website

2.5 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience and analyze how you use our service.

Your Privacy Choices

You have full control over your cookie preferences. We respect your right to privacy and comply with GDPR and CCPA requirements.

Essential Cookies: These cookies are necessary for the website to function properly. They enable core features such as authentication, security, and basic functionality. These cookies cannot be disabled.

Analytics Cookies: With your consent, we use Google Tag Manager (GTM) and Google Analytics 4 (GA4) to understand how visitors interact with our website. These cookies help us:

  • Measure website traffic and user engagement
  • Identify popular features and content
  • Improve our service based on user behavior
  • Understand conversion and retention patterns

Managing Your Preferences: You can manage your cookie preferences at any time by clicking "Cookie Settings" in the footer of any page. Your choices will be saved and respected across all your visits.

3. How We Use Your Information

We use your information to:

  • Provide Services: Generate AI personality insights, trending topics analysis, and usage statistics
  • Improve Our Service: Analyze usage patterns to enhance features and user experience
  • Process Payments: Complete transactions and send purchase confirmations
  • Communicate: Send service updates, new features, and support messages
  • Ensure Security: Detect and prevent fraud, abuse, and security incidents
  • Comply with Legal Obligations: Meet regulatory requirements and respond to legal requests

4. Data Retention

24-Hour File Deletion Policy

Your uploaded ChatGPT conversation files are automatically and permanently deleted within 24 hours of upload. This is a strict, automated process with no exceptions.

For other data:

  • Analysis Results: Retained indefinitely unless you delete your account
  • Account Data: Retained while your account is active
  • Payment Records: Retained for 7 years for tax and accounting purposes
  • Anonymous Analytics: Retained indefinitely for service improvement

5. Data Sharing and Disclosure

We do not sell your personal data. We only share information in these limited circumstances:

  • Service Providers: Clerk (authentication), Stripe (payments), Supabase (database hosting), Vercel (hosting)
  • Legal Requirements: When required by law, court order, or government request
  • Business Transfers: In the event of a merger, acquisition, or sale of assets
  • With Your Consent: When you explicitly authorize us to share your data

6. Data Security

We implement industry-standard security measures:

  • End-to-end encryption for data transmission (TLS/SSL)
  • Encrypted storage for sensitive information
  • Regular security audits and vulnerability assessments
  • Access controls and authentication (Clerk)
  • Automated backup systems
  • Secure payment processing (PCI DSS compliant via Stripe)

While we strive to protect your data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but continuously work to improve our defenses.

7. Your Rights and Choices

You have the following rights:

7.1 Access and Portability

Request a copy of your personal data and analysis results in a portable format.

7.2 Correction

Update or correct your account information at any time through your profile settings.

7.3 Deletion

Request deletion of your account and associated data. Some information may be retained for legal compliance.

7.4 Opt-Out

Unsubscribe from marketing emails using the link in any email or through your account settings.

7.5 Restrict Processing

Request limitation of how we process your data under certain circumstances.

8. Cookies and Tracking

We use cookies and similar technologies to:

  • Essential Cookies: Required for authentication and core functionality
  • Analytics Cookies: Help us understand how users interact with our service
  • Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings, though disabling essential cookies may limit functionality.

9. Children's Privacy

GPT Rewind is not intended for users under 13 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us immediately.

10. International Data Transfers

As a company based in the Netherlands, we primarily process data within the European Economic Area (EEA). When data is transferred outside the EEA, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs): EU-approved model contracts for transfers outside the EEA
  • Adequacy Decisions: Transfers to countries deemed adequate by the European Commission
  • Additional Safeguards: Encryption, access controls, and regular security assessments
  • Data Transfer Impact Assessments: Regular reviews of international transfer risks

We comply with Chapter V of the GDPR regarding international data transfers and the Schrems II decision requirements.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or prominent notice on our website. Your continued use of GPT Rewind after changes indicates acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your data:

Company: GPT Rewind

Registered in: Netherlands

Email: hi@gpt-rewind.com

Response Time: Within 48 hours

Supervisory Authority: Autoriteit Persoonsgegevens (Dutch Data Protection Authority)

13. Regulatory Compliance

As a Netherlands-based company, we comply with:

  • General Data Protection Regulation (GDPR): EU Regulation 2016/679
  • Uitvoeringswet AVG (UAVG): Dutch implementation of GDPR
  • Telecommunicatiewet: Dutch Telecommunications Act
  • ePrivacy Directive: Cookie regulations
  • California Consumer Privacy Act (CCPA): For California residents

Supervisory Authority: Our lead supervisory authority is the Autoriteit Persoonsgegevens (AP), the Dutch Data Protection Authority.

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the Autoriteit Persoonsgegevens or your local data protection authority.